| Message ID | 20210729074658.8538-1-yajun.deng@linux.dev (mailing list archive) |
|---|---|
| State | Superseded |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [v2] netfilter: nf_conntrack_bridge: Fix memory leak when error | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Guessed tree name to be net-next |
| netdev/subject_prefix | warning | Target tree name not specified in the subject |
| netdev/cc_maintainers | fail | 1 blamed authors not CCed: davem@davemloft.net; 4 maintainers not CCed: roopa@nvidia.com davem@davemloft.net nikolay@nvidia.com kuba@kernel.org |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | fail | Errors and warnings before: 19 this patch: 6 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 11 lines checked |
| netdev/build_allmodconfig_warn | fail | Errors and warnings before: 56 this patch: 6 |
| netdev/header_inline | success | Link |
On Thu, Jul 29, 2021 at 03:46:58PM +0800, Yajun Deng wrote: > It should be added kfree_skb_list() when err is not equal to zero > in nf_br_ip_fragment(). > > v2: keep this aligned with IPv6. > > Fixes: 3c171f496ef5 ("netfilter: bridge: add connection tracking system") > Signed-off-by: Yajun Deng <yajun.deng@linux.dev> > --- > net/bridge/netfilter/nf_conntrack_bridge.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c > index 8d033a75a766..3cf5457919c6 100644 > --- a/net/bridge/netfilter/nf_conntrack_bridge.c > +++ b/net/bridge/netfilter/nf_conntrack_bridge.c > @@ -88,6 +88,11 @@ static int nf_br_ip_fragment(struct net *net, struct sock *sk, > > skb = ip_fraglist_next(&iter); > } > + > + if (!err) > + return 0; > + > + kfree_skb_list(iter.frag_list); Actually: kfree_skb_list(iter.frag); I used frag_list instead of frag in my snippet. > return err; > } > slow_path: > -- > 2.32.0 >
diff --git a/net/bridge/netfilter/nf_conntrack_bridge.c b/net/bridge/netfilter/nf_conntrack_bridge.c index 8d033a75a766..3cf5457919c6 100644 --- a/net/bridge/netfilter/nf_conntrack_bridge.c +++ b/net/bridge/netfilter/nf_conntrack_bridge.c @@ -88,6 +88,11 @@ static int nf_br_ip_fragment(struct net *net, struct sock *sk, skb = ip_fraglist_next(&iter); } + + if (!err) + return 0; + + kfree_skb_list(iter.frag_list); return err; } slow_path:
It should be added kfree_skb_list() when err is not equal to zero in nf_br_ip_fragment(). v2: keep this aligned with IPv6. Fixes: 3c171f496ef5 ("netfilter: bridge: add connection tracking system") Signed-off-by: Yajun Deng <yajun.deng@linux.dev> --- net/bridge/netfilter/nf_conntrack_bridge.c | 5 +++++ 1 file changed, 5 insertions(+)